Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Secunia Advisory SA26890

VMWare Products Multiple Vulnerabilities
Secunia Advisory SA26890
Secunia VIM 4.0 - Free Trial
Release Date 2007-09-20
Last Update 2007-10-23
   
Popularity 26,709 views
Comments 0 comments

Criticality level Moderately criticalModerately critical
Impact Privilege escalation
DoS
System access
Where From local network
Authentication level This information is available to Secunia VIM customers
   
Report reliability This information is available to Secunia VIM customers
Solution Status Vendor Patch
   
Secunia PoC Available in Customer Area
Secunia analysis Available in Customer Area
   
Systems affected This information is available to Secunia VIM customers
Approve distribution This information is available to Secunia VIM customers
   
Operating System
VMware ESX Server 2.x
VMware ESX Server 3.x

Software:
VMware ACE 1.x
VMware ACE 2.x
VMware Player 1.x
VMware Player 2.x
VMware Server 1.x
VMware Workstation 5.x
VMware Workstation 6.x
Secunia CVSS Score This information is available to Secunia VIM Customers
CVE Reference(s) CVE-2007-0061 CVSS score available to Secunia VIM customers
CVE-2007-0062 CVSS score available to Secunia VIM customers
CVE-2007-0063 CVSS score available to Secunia VIM customers
CVE-2007-4496 CVSS score available to Secunia VIM customers
CVE-2007-4497 CVSS score available to Secunia VIM customers
CVE-2007-5023 CVSS score available to Secunia VIM customers
CVE-2007-5024 CVSS score available to Secunia VIM customers
CVE-2007-5025 CVSS score available to Secunia VIM customers
CVE-2007-5617 CVSS score available to Secunia VIM customers
CVE-2007-5618 CVSS score available to Secunia VIM customers
CVE-2007-5619 CVSS score available to Secunia VIM customers
  

Description

Multiple vulnerabilities have been reported in various VMware products, which can be exploited by malicious, local users to gain escalated privileges or cause a DoS (Denial of Service) or by malicious people to compromise a vulnerable system.

1) An unspecified error can be exploited by a user with administrative privileges in the guest system to cause a memory corruption on a certain host process.

Successful exploitation may allow execution of arbitrary code on the host system.

2) An unspecified error can be exploited within the guest system to cause a host process to crash.

The vulnerabilities affect VMWare ESX 3.0.1, 3.0.0, 2.5.4, 2.5.3, 2.1.3, and 2.0.2, VMWare Workstation 6.0.0 and 5.5.4, VMWare Player 2.0.0 and 1.0.4, VMWare Server 1.0.3, and VMWare ACE 2.0.0 and 1.0.3.

3) An integer underflow error in the DHCP server can be exploited to cause a stack-based buffer overflow via a specially crafted DHCP packet.

4) An integer overflow error in the DHCP server can be exploited to cause a stack-based buffer overflow via a specially crafted DHCP packet.

5) Improper handling of malformed DHCP packets can be exploited to execute arbitrary code via a specially crafted DHCP packet.

Successful exploitation of the vulnerabilities allow execution of arbitrary code.

6) Improper starting of registered services can be exploited to gain escalated privileges.

The vulnerabilities affect VMWare Workstation 6.0.0 and 5.5.4, VMWare Player 2.0.0 and 1.0.4, VMWare Server 1.0.3, and VMWare ACE 2.0.0 and 1.0.3.


Solution
Update to the latest version or apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
The vendor credits:
1-2) Rafal Wojtczvk, McAfee
3-5) Neel Mehta and Ryan Smith, IBM ISS X-Force
6) Foundstone

Changelog
Further details available to Secunia VIM customers

Original Advisory
VMWare:
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#601
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#555
http://www.vmware.com/support/server/doc/releasenotes_server.html#resolved
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html#new_201
http://www.vmware.com/support/player/doc/releasenotes_player.html#105
http://www.vmware.com/support/player2/doc/releasenotes_player2.html#201
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

IBM ISS X-Force:
http://www.iss.net/threats/275.html
http://xforce.iss.net/xforce/xfdb/33103
http://xforce.iss.net/xforce/xfdb/33102
http://xforce.iss.net/xforce/xfdb/33101

Deep Links
Links available to Secunia VIM customers


Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: VMWare Products Multiple Vulnerabilities
 
No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability